Actually, the firmware mod opens it up to being further hacked (Do remember that they lost positive control of the ROOT signing key...meaning that ANYONE can MITM their update chain now...) as now hackers can put and remove things at will on their boxes
The upside to that fact would be that you would be able to MITM the PS3 yourself, and push any update you wish into the machine, including unlocking it further.
This should be a boon to homebrewers if it is true!
Imagine a new PS3 Linux distro that comes in the form of a boot CD iso. You boot it on another PC, plug that PC into the PS3 via switch or crossover, and the live cd already has the right IPs/proxies/masquerading software configured to answer as if it was sony's network. It can then push (Or let the PS3 pull from) any software or image onto the PS3 one would want, be it Linux or even an XBMC clone!
that explains the 32 bit IPs, but it doesnt explain the extra 14/8s which are reserved for "future use"
The explanation is because now the first four bits of an IP address dictate what type and class of address it is, but back then only the first three bits were defined this way.
The first bit being zero means class A, the first bit one but second bit zero is class B. One One Zero is C, and so on.
Once you get to the first three bits being ones, you are in either the class D or E blocks depending on that 4th bit, E being the block we are talking about here.
Class D is multicast, not anycast. You can not assign or use a multicast address as a source IP.
At the time the 4th bit was not defined like this, only the first three. 111X was one big block (D and E combined) of which the lower half was defined as multicast.
It would be exceptionally stupid to make assumptions that later in time that block would be cut in half, and half of it would go back to anycast for no obvious reason.
So it is not that the E block is reserved for Future use, it was reserved for multicast use and a lot of old routers make just that assumption.
Since you can't use a multicast IP as a source address, they clearly can not be specified in the router or on your network. You simply send packets TO those addresses.
Even now, where class E could possibly be used this way, those old routers will not accept a reply from them, since you can not have a multicast IP as the source. If replies get dropped by half the Internets hardware, they won't do much good.
Check out RFC 1375 if you are interested in how the first few bits of an address define its type and class.
What they have done is no different that the cable company demanding root level access to your computer in order to go online. People would be outraged there, why should a game console (which is just a dedicated computer) be any different?
This reminds me of certain American Universities, that require you to install an application as admin to gain access to their campus network.
While the initial list of reasons for the app seem reasonable enough (Verify antivirus is installed, try to verify no infections, and make sure network harming apps are either not installed or are at least configured properly), they do provide auto-update ability to the application and so at any time can have any other commands added, which run under the same privileged level.
If there is no "All's OK" message from this app, the switches don't grant you access to the network.
It is definitely an over reaching requirement to gain access to a companies services, but at least in the PS3 case you can still say no.
While I don't have a PS3, for other consoles I do own I have always had two of them for this very reason. One is 'theirs' and I let them run whatever they want on the thing to gain access to the gaming network. The other is mine, and never connects to their services at all, and only runs the code I want it to. Best of both worlds!
Better yet, maybe reduce the prison population in general?
They can't do that, then they would be required by law to HIRE workers, and pay them minimum wage, and they would be free to quit if they didn't like the working conditions.
No sir, that would cut WAY into the prison companies profits!
Which is the UNIX approach to dong things, which has worked out very well for a long time.
So how do you pipe iApps together to perform more complex tasks?
AppleScript and Automator
Instead of being limited to only stdin, stdout, and stderr, they let you pipe objects between apps and even let you put the end result as text to use with stdin on a command line tool and back again.
There are plenty of examples for both languages on how to do most scripting/piping tasks with not just iApps but most OS X applications.
Script editor even lets you compile your apple scripts and automations down to applications, which gives you the same functionality as a shell script starting with #!/bin/bash and being chmod +x
Here is a nice screen shot of the GUI Automator editor showing the apps it can put together, some actions in the app it has selected, and the methodology for putting together each bit of the script you want to do, coincidentally using an iApp.
For anyone who's good at Excel formulas or macros, Automator will be a snap. Similarly, anyone used to shell scripting will find Apple script just as easy.
THAT'S the problem. Had he done this, then only sent the data to AT&T rather than publicly releasing it, they likely would be thanking him rather than trying to send him to the pokey.
To be totally honest, had he just given the information to AT&T and no one else, they most likely still would be pressing charges and taking him to court for 'hacking' their system.
Don't get me wrong, they were/are definitely lying about the whole trying to help AT&T's security thing. Gathering the data then going public with it all without contacting AT&T is clearly not an act that is trying to help fix security problems, and this was not to help anyone except themselves.
But had they actually had only good intentions, and reported this flaw directly to AT&T instead of the public, I seriously doubt AT&T would be thanking them with anything other than criminal charges.
These days the only safe way to convince a company there is a security flaw that needs fixing would be to *anonymously* submit the data to them, with a description of the exploit(s) used, and maybe a suggestion how to go about fixing it. You just can't attach your name to it to get credit. Corporations will still see this as a direct threat either way you go about it, and will lash back just the same.
Sounds to me he is describing the dangers of a society where "the liability concept is upwardly mobile, searching always for the deepest pocket" more than any dangers of robots or programmers/engineers...
In fact this is and will be a problem with everything done in such a society, and shows how if the legal system is not radically changed, it will be the downfall of all innovation, which we have started to see with other countries leaping ahead in technical industries.
Unfortunately this system is designed in such a way to further propagate itself with little to no checks or balances in place to stop it, short of self destruction. I sure hope I am wrong about that fact, but this articles author seems to have no insight to show otherwise.
It's a biased nothing article, probably submitted by a book lover.
Which is pretty ironic, since he also argued that real books that use paper are even Worse than ebooks and computer monitors, since by the same reasoning paper is even easier on the eyes than e-readers, have the same fonts, and are even higher resolution.
As so many people have pointed out here before, publishing classified information is not a crime in the US.
Since when is committing a crime required to be locked up in prison for life?
Many of the prisoners being held at Guantanamo were waiting YEARS for their trial, some never got one. They remained there for years none the less.
Then look at the person who actually DID leak this info. He is in 23 hour a day solitary confinement since he was arrested and STILL no charges have been brought against him.
On top of that, there are plenty of false charges they can put against anyone at any time if they really wanted to play the game, which it appears they don't care to even put on a show of anymore.
When you are on the search screen, the top has a text box for search, as well as a mic icon and a camera icon, for voice and goggles search respectively.
Now, how do you feel about your surgeon hitting that wall when he's up to his elbows in your guts?
So are you claiming that you do not at all trust the person you're letting get elbow deep into your guts to know what he or she is doing? If that is the case, why are you even letting him operate on you in the first place?
He might be well rested, but why believe he has any skills at surgery? And if you believe he has skills at surgery, why not also believe him when he says he has had enough sleep the night before?
If you don't trust him to know what he is doing (Realizing he is too tired to perform the operation), then why would you trust him to know what he is doing (Able and skilled enough to not kill you while elbow deep in your guts)?
The two things you need to trust are pretty much on par with each other. Failing either one can result in your death, or countless other problems.
But it does mean that we have to accept that for many people, losing their license is not an inconvenience
Sounds to me like those particular people should take that fact into account, and put even more effort into not drinking while driving. Not giving them more of a break when caught doing so.
The guy with nothing to lose will be inconvenienced a lot less by a punishment than the guy with everything to lose. The punishment should not be changed to reflect that however. It should be taken into account by the person about to commit a crime and be even more reason not to commit it in the first place.
Well, it seems the point is that "always-on" isn't as reliable as you might think it is. In this case the author of the commentary expected to have continuous service, and ended up not having it.
Now that would be a valid complaint. As most of us here know, always-on isn't 'always', and ChromeOS needs to be able to handle outages. There appears to be plenty of room for improvement still in that area, and I imagine that is exactly the type of thing Google would want to hear about as part of the current testing process.
Now I don't know what this reviewer told Google directly, but in his review to the public he clearly is stating a different problem, namely that requiring internet access is a downside to the device.
I read that akin to stating that a problem with cell phones is that they do not have a wire connecting them to the phone company, simply because in his experience it lost signal. In that example, yes it should be improved to try and not lose signal, but not having a wire should not be the stated problem.
I assumed on a technical site such as slashdot this would be an obvious difference, but clearly others and at least one moderator agree that an internet appliance has a problem for requiring the internet, and that a normal PC is a better solution because it can have an offline word processor, despite the fact a regular PC does not help with any of the other problems ChromeOS was designed to address.
A good next step for Google to take would be a more complex and smart 'offline cache', one that can sync in the background like ChromeOS does now, but also will cache locally everything in your Google apps storage. Obviously having a PC destroyed and replaced like in the commercial will be a rare occurrence for most of us, but jumping from machine to machine and having access to the same 'desktop' and data so to speak will be a very nice feature. If available local storage is used to stay in sync in a smarter way, it should still be possible to edit documents you are working on, and even open a document you haven't yet touched today all while offline, yet synced to the cloud as so you can get to the data from any other computer signed in on your account. It could probably write to both at the same time even when online.
I however still think all of those implementation details can be fixed, all without having to address the 'problem' that the device needs an internet connection.
If you're not connected to the Internet on this laptop, you're dead in the water
I also noticed that without an Internet connection, I can't seem to view any web pages! Someone really needs to fix this flaw in the internet program.
Requiring internet access to use the internet is just plain stupid! Now excuse me while I go write up an article about it for PC world.../sarcasm
Seriously, when one of the first and primary requirements of this machine is an always on internet connection, why is it a downside or news worthy when they discover that fact is true?
No way, just don't accept the same packet from the same IP more than once per second. The firewall rule would be a little more complex, but there are definite differences between Ddos packets and legitimate packets that a properly configured firewall should be able to detect.
With a petabit of traffic every second from every peering point your ISP has from all over the world hitting your firewall, your plan would still leave your server unavailable.
In fact the odds of your server or firewall being targeted are small... It is most likely your ISP being targeted. Your firewall isn't even on the right part of the network to see that, let alone make any choices about it.
Why would it matter if you have the same IP address you've had for several years? Whats wrong with switching to a different one?
There isn't. The problem is you asked the wrong question. This is ARIN we are talking about, they don't deal with single IP addresses.
Try a/16 block, or 65000 IP addresses.
To reword your question into relevance: "Why would it matter if you have the same 65000 IP addresses you've had for several years? Whats wrong with switching to a different 65000 addresses?"
Can you not imagine the undue amount of work such a change would involve to renumber that many computers, servers, routers, switches, DNS entries, DHCP MAC entries, config files for access control, and firewall rules?
Yea, if exim will run commands out of its config, and exim is running as root but hasn't dropped root privs (Not being an exim user, I don't know exactly how it behaves) then you can own the machine.
One can just copy/bin/sh to somewhere slightly hidden and change that to suid. Then from a normal shell (Even the exim user) you can elevate up.
Most programs of this sort require root only to bind to ports below 1024, and then can drop those privileges afterward. It really just depends at what point those commands in the config file get run.
You can run sh because it is in/bin/sh which is not noexec.
You have no way to run it setuid however because the program you have above will live in/var/spool/exim4 which is noexec.
If you run it directly, it will fail. If you run it with an sh in front, you invoke/bin.sh normally (not setuid) and you only spawn another shell as the exim user, same as you already had in the first place.
You mean the legitimate publisher who wants to leech my limited monthly cap for their own purposes?
So asking if you would mind helping out with spreading the cost of bandwidth around, where you are free to say yes or no, is now 'leeching'?
Remind me to never ask you for a favor.
You sound like the type who would respond to "Could I please use your cellphone for just two minutes to make an emergency phone call" with the response "Well I dunno, I only get 700 minutes a month, and even though I have plenty of minutes left, I still feel you somehow owe me money for those two minutes you want to use" Or worse, you claim I can use your phone, and later try to hold those two minutes I 'owe' you over my head for the rest of time...
It's not like anyone is forcing you to leave the torrent running, especially in small legitimate publishers cases where they only have one or two files to distribute anyway and there is no such thing as ratio!
Slashdot Mirror
Why do we need more TLDs?
Hookers and blow don't grow on trees ya know ;P
It's like asking "Why do we need to print out two $100 bills when we can just print out the one?"
Or in this case 115 instead of just the 3.
having their heads repeatedly smashed in by a circa-1995 Cisco router.
We're gonna need a lot more circa-1995 cisco routers...
That's cool, Sprint's got you covered.
Actually, the firmware mod opens it up to being further hacked (Do remember that they lost positive control of the ROOT signing key...meaning that ANYONE can MITM their update chain now...) as now hackers can put and remove things at will on their boxes
The upside to that fact would be that you would be able to MITM the PS3 yourself, and push any update you wish into the machine, including unlocking it further.
This should be a boon to homebrewers if it is true!
Imagine a new PS3 Linux distro that comes in the form of a boot CD iso.
You boot it on another PC, plug that PC into the PS3 via switch or crossover, and the live cd already has the right IPs/proxies/masquerading software configured to answer as if it was sony's network.
It can then push (Or let the PS3 pull from) any software or image onto the PS3 one would want, be it Linux or even an XBMC clone!
that explains the 32 bit IPs, but it doesnt explain the extra 14 /8s which are reserved for "future use"
The explanation is because now the first four bits of an IP address dictate what type and class of address it is, but back then only the first three bits were defined this way.
The first bit being zero means class A, the first bit one but second bit zero is class B. One One Zero is C, and so on.
Once you get to the first three bits being ones, you are in either the class D or E blocks depending on that 4th bit, E being the block we are talking about here.
Class D is multicast, not anycast. You can not assign or use a multicast address as a source IP.
At the time the 4th bit was not defined like this, only the first three.
111X was one big block (D and E combined) of which the lower half was defined as multicast.
It would be exceptionally stupid to make assumptions that later in time that block would be cut in half, and half of it would go back to anycast for no obvious reason.
So it is not that the E block is reserved for Future use, it was reserved for multicast use and a lot of old routers make just that assumption.
Since you can't use a multicast IP as a source address, they clearly can not be specified in the router or on your network. You simply send packets TO those addresses.
Even now, where class E could possibly be used this way, those old routers will not accept a reply from them, since you can not have a multicast IP as the source. If replies get dropped by half the Internets hardware, they won't do much good.
Check out RFC 1375 if you are interested in how the first few bits of an address define its type and class.
What they have done is no different that the cable company demanding root level access to your computer in order to go online. People would be outraged there, why should a game console (which is just a dedicated computer) be any different?
This reminds me of certain American Universities, that require you to install an application as admin to gain access to their campus network.
While the initial list of reasons for the app seem reasonable enough (Verify antivirus is installed, try to verify no infections, and make sure network harming apps are either not installed or are at least configured properly), they do provide auto-update ability to the application and so at any time can have any other commands added, which run under the same privileged level.
If there is no "All's OK" message from this app, the switches don't grant you access to the network.
It is definitely an over reaching requirement to gain access to a companies services, but at least in the PS3 case you can still say no.
While I don't have a PS3, for other consoles I do own I have always had two of them for this very reason.
One is 'theirs' and I let them run whatever they want on the thing to gain access to the gaming network.
The other is mine, and never connects to their services at all, and only runs the code I want it to.
Best of both worlds!
China is not censoring the events in Egypt.
So you feel the block on this word is for technical reasons then?
Is Sony's real name Schrodinger?
No, they just like killing kittens and putting them in small bags.
Better yet, maybe reduce the prison population in general?
They can't do that, then they would be required by law to HIRE workers, and pay them minimum wage, and they would be free to quit if they didn't like the working conditions.
No sir, that would cut WAY into the prison companies profits!
Which is the UNIX approach to dong things, which has worked out very well for a long time.
So how do you pipe iApps together to perform more complex tasks?
AppleScript and Automator
Instead of being limited to only stdin, stdout, and stderr, they let you pipe objects between apps and even let you put the end result as text to use with stdin on a command line tool and back again.
There are plenty of examples for both languages on how to do most scripting/piping tasks with not just iApps but most OS X applications.
Script editor even lets you compile your apple scripts and automations down to applications, which gives you the same functionality as a shell script starting with #!/bin/bash and being chmod +x
Here is a nice screen shot of the GUI Automator editor showing the apps it can put together, some actions in the app it has selected, and the methodology for putting together each bit of the script you want to do, coincidentally using an iApp.
For anyone who's good at Excel formulas or macros, Automator will be a snap. Similarly, anyone used to shell scripting will find Apple script just as easy.
THAT'S the problem. Had he done this, then only sent the data to AT&T rather than publicly releasing it, they likely would be thanking him rather than trying to send him to the pokey.
To be totally honest, had he just given the information to AT&T and no one else, they most likely still would be pressing charges and taking him to court for 'hacking' their system.
Don't get me wrong, they were/are definitely lying about the whole trying to help AT&T's security thing.
Gathering the data then going public with it all without contacting AT&T is clearly not an act that is trying to help fix security problems, and this was not to help anyone except themselves.
But had they actually had only good intentions, and reported this flaw directly to AT&T instead of the public, I seriously doubt AT&T would be thanking them with anything other than criminal charges.
These days the only safe way to convince a company there is a security flaw that needs fixing would be to *anonymously* submit the data to them, with a description of the exploit(s) used, and maybe a suggestion how to go about fixing it.
You just can't attach your name to it to get credit. Corporations will still see this as a direct threat either way you go about it, and will lash back just the same.
Sounds to me he is describing the dangers of a society where "the liability concept is upwardly mobile, searching always for the deepest pocket" more than any dangers of robots or programmers/engineers...
In fact this is and will be a problem with everything done in such a society, and shows how if the legal system is not radically changed, it will be the downfall of all innovation, which we have started to see with other countries leaping ahead in technical industries.
Unfortunately this system is designed in such a way to further propagate itself with little to no checks or balances in place to stop it, short of self destruction.
I sure hope I am wrong about that fact, but this articles author seems to have no insight to show otherwise.
It's a biased nothing article, probably submitted by a book lover.
Which is pretty ironic, since he also argued that real books that use paper are even Worse than ebooks and computer monitors, since by the same reasoning paper is even easier on the eyes than e-readers, have the same fonts, and are even higher resolution.
As so many people have pointed out here before, publishing classified information is not a crime in the US.
Since when is committing a crime required to be locked up in prison for life?
Many of the prisoners being held at Guantanamo were waiting YEARS for their trial, some never got one. They remained there for years none the less.
Then look at the person who actually DID leak this info. He is in 23 hour a day solitary confinement since he was arrested and STILL no charges have been brought against him.
On top of that, there are plenty of false charges they can put against anyone at any time if they really wanted to play the game, which it appears they don't care to even put on a show of anymore.
Download "Google Mobile App"
When you are on the search screen, the top has a text box for search, as well as a mic icon and a camera icon, for voice and goggles search respectively.
Now, how do you feel about your surgeon hitting that wall when he's up to his elbows in your guts?
So are you claiming that you do not at all trust the person you're letting get elbow deep into your guts to know what he or she is doing? If that is the case, why are you even letting him operate on you in the first place?
He might be well rested, but why believe he has any skills at surgery? And if you believe he has skills at surgery, why not also believe him when he says he has had enough sleep the night before?
If you don't trust him to know what he is doing (Realizing he is too tired to perform the operation), then why would you trust him to know what he is doing (Able and skilled enough to not kill you while elbow deep in your guts)?
The two things you need to trust are pretty much on par with each other. Failing either one can result in your death, or countless other problems.
But it does mean that we have to accept that for many people, losing their license is not an inconvenience
Sounds to me like those particular people should take that fact into account, and put even more effort into not drinking while driving. Not giving them more of a break when caught doing so.
The guy with nothing to lose will be inconvenienced a lot less by a punishment than the guy with everything to lose.
The punishment should not be changed to reflect that however. It should be taken into account by the person about to commit a crime and be even more reason not to commit it in the first place.
and i'd like to be able to carry several books around for the weight of one.
Well, Amazon does still sell backpacks and energy pills! ;}
FCC rules generally prohibit most unsolicited fax advertisements
Advertisements yes, but what about a couple sheets of black construction paper taped into a loop?
Well, it seems the point is that "always-on" isn't as reliable as you might think it is. In this case the author of the commentary expected to have continuous service, and ended up not having it.
Now that would be a valid complaint. As most of us here know, always-on isn't 'always', and ChromeOS needs to be able to handle outages. There appears to be plenty of room for improvement still in that area, and I imagine that is exactly the type of thing Google would want to hear about as part of the current testing process.
Now I don't know what this reviewer told Google directly, but in his review to the public he clearly is stating a different problem, namely that requiring internet access is a downside to the device.
I read that akin to stating that a problem with cell phones is that they do not have a wire connecting them to the phone company, simply because in his experience it lost signal.
In that example, yes it should be improved to try and not lose signal, but not having a wire should not be the stated problem.
I assumed on a technical site such as slashdot this would be an obvious difference, but clearly others and at least one moderator agree that an internet appliance has a problem for requiring the internet, and that a normal PC is a better solution because it can have an offline word processor, despite the fact a regular PC does not help with any of the other problems ChromeOS was designed to address.
A good next step for Google to take would be a more complex and smart 'offline cache', one that can sync in the background like ChromeOS does now, but also will cache locally everything in your Google apps storage.
Obviously having a PC destroyed and replaced like in the commercial will be a rare occurrence for most of us, but jumping from machine to machine and having access to the same 'desktop' and data so to speak will be a very nice feature.
If available local storage is used to stay in sync in a smarter way, it should still be possible to edit documents you are working on, and even open a document you haven't yet touched today all while offline, yet synced to the cloud as so you can get to the data from any other computer signed in on your account. It could probably write to both at the same time even when online.
I however still think all of those implementation details can be fixed, all without having to address the 'problem' that the device needs an internet connection.
If you're not connected to the Internet on this laptop, you're dead in the water
I also noticed that without an Internet connection, I can't seem to view any web pages!
Someone really needs to fix this flaw in the internet program.
Requiring internet access to use the internet is just plain stupid! Now excuse me while I go write up an article about it for PC world... /sarcasm
Seriously, when one of the first and primary requirements of this machine is an always on internet connection, why is it a downside or news worthy when they discover that fact is true?
No way, just don't accept the same packet from the same IP more than once per second. The firewall rule would be a little more complex, but there are definite differences between Ddos packets and legitimate packets that a properly configured firewall should be able to detect.
With a petabit of traffic every second from every peering point your ISP has from all over the world hitting your firewall, your plan would still leave your server unavailable.
In fact the odds of your server or firewall being targeted are small... It is most likely your ISP being targeted. Your firewall isn't even on the right part of the network to see that, let alone make any choices about it.
DDoS has come a long way in the last decade...
Why would it matter if you have the same IP address you've had for several years? Whats wrong with switching to a different one?
There isn't. The problem is you asked the wrong question.
This is ARIN we are talking about, they don't deal with single IP addresses.
Try a /16 block, or 65000 IP addresses.
To reword your question into relevance: "Why would it matter if you have the same 65000 IP addresses you've had for several years? Whats wrong with switching to a different 65000 addresses?"
Can you not imagine the undue amount of work such a change would involve to renumber that many computers, servers, routers, switches, DNS entries, DHCP MAC entries, config files for access control, and firewall rules?
Yea, if exim will run commands out of its config, and exim is running as root but hasn't dropped root privs (Not being an exim user, I don't know exactly how it behaves) then you can own the machine.
One can just copy /bin/sh to somewhere slightly hidden and change that to suid.
Then from a normal shell (Even the exim user) you can elevate up.
Most programs of this sort require root only to bind to ports below 1024, and then can drop those privileges afterward. It really just depends at what point those commands in the config file get run.
You can run sh because it is in /bin/sh which is not noexec.
You have no way to run it setuid however because the program you have above will live in /var/spool/exim4 which is noexec.
If you run it directly, it will fail. If you run it with an sh in front, you invoke /bin.sh normally (not setuid) and you only spawn another shell as the exim user, same as you already had in the first place.
You mean the legitimate publisher who wants to leech my limited monthly cap for their own purposes?
So asking if you would mind helping out with spreading the cost of bandwidth around, where you are free to say yes or no, is now 'leeching'?
Remind me to never ask you for a favor.
You sound like the type who would respond to "Could I please use your cellphone for just two minutes to make an emergency phone call" with the response "Well I dunno, I only get 700 minutes a month, and even though I have plenty of minutes left, I still feel you somehow owe me money for those two minutes you want to use"
Or worse, you claim I can use your phone, and later try to hold those two minutes I 'owe' you over my head for the rest of time...
It's not like anyone is forcing you to leave the torrent running, especially in small legitimate publishers cases where they only have one or two files to distribute anyway and there is no such thing as ratio!